Liminal is the data controller for your personal data that is subject to this Policy. Our EU data protection representative for the purposes of the EU General Data Protection Regulation and the UK Data Protection Act 2018, as applicable, is Liminal BioSciences Limited and can be contacted at email@example.com.
This Policy applies solely to data collected through the Website or provided to us in connection with certain business interactions, as described below. It does not apply to other interactions you may have with Liminal, which may be subject to separate privacy notices provided to you. Moreover, this Policy does not apply to information collected from patients enrolled in connection with our clinical studies. If you are a patient, please refer to the privacy notice included in the applicable informed consent form.
Please carefully read this Policy. By using our Website and/or by providing us with your personal data, you are agreeing to the terms of this Policy.
2. What personal data we collect about you
Information that you provide to us.
We collect personal data that you provide to us, for the purposes set out below, in the following ways:
- Communications with us directly: We collect personal data when you voluntarily submit information to us directly such as via postal, telephone and/or email communications.
- Communications via the Website: We collect personal data when you provide it to us through communications via our Website, or Site, for example when you fill out web forms to ask to be contacted by us, ask to download content (such as brochures, studies or guides), register for a webcast or other event. The specific data collected during these interactions will vary based on the purpose of the form or the nature of your request, but it will generally include your name, job title, email address, phone number, nature of enquiry.
- News: If you sign up to keep up to date with Liminal’s latest news, we will collect your name and email address.
- Events: If you attend a Liminal’s event, we may collect your personal data when you attend the event and exchange your details with us (for example, by providing your business card).
Information Collected Automatically.
3. How we use your data
We process any personal data you provide to us in the following ways:
As necessary for our legitimate business interests, including:
- To respond to inquiries, comments, feedback or questions;
- To comply with our legal and regulatory obligations and requests, including reporting to and/or being audited or investigated by national and international regulatory bodies;
- To send administrative information to you, for example, information about the Website, and changes to our terms, conditions, and policies;
- To analyze Site usage so we can provide, maintain and improve the content and functionality of the Site;
- For the establishment, exercise or defense of legal claims and enforce our legal rights, whether in court proceedings or in an administrative or out-of-court procedure or as part of any criminal or other legal investigation;
- To prevent fraud, criminal activity, or misuses of our Site and to ensure the security of our IT systems, architecture and networks, including maintaining back-ups of our databases;
- To contact you to tell you about information we believe will be of interest to you, such as news about Liminal, newsletters and upcoming events. Our legal basis for doing this is your consent, you give at the time of submitting your relevant personal data, which you may withdraw at any time.
4. Disclosing your personal data to others
We may share your personal data as follows:
- To any member of our group of companies (this means to Liminal and all of its affiliates worldwide) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this Policy.
- To service providers that we engage to provide services for us, including hosting, cloud services and other information technology services providers; email communication software providers, advertising and marketing service providers; customer relationship management; payment processors; identity verification services; and analytics services;
- In the event that our business, or a part of our business, is sold, assigned or transferred, your personal data may be transferred to a successor or affiliate as part of that transaction along with other assets;
- Where we believe in good faith that such disclosure is necessary pursuant to applicable law or regulations, requests from governmental authorities, for the establishment, exercise or defense of legal claims, in connection with a criminal or other legal investigation, or in order to protect your legal interests or the legal interests of another person.
5. International transfers of your personal data for individuals in the EEA or UK
Liminal is headquartered in Canada and many of our third-party providers are located there. We also have offices in the UK and service providers may also be based in these countries (for example, the hosting facilities for our Website are situated in the USA). Please note that some of these countries may have data protection laws less stringent than or otherwise different from the laws in effect in the EEA and the UK.
Transfers to recipients outside of the EEA and the UK will be protected by appropriate safeguards, namely:
- Ensuring recipients are based in countries benefitting from an “adequacy decision” by the European Commission, namely Canada; or
- By entering into standard contractual clauses approved by the European Commission with the relevant recipients, where applicable.
In some circumstances, transfers of your personal data to recipients outside of the EEA and UK are necessary to perform the agreement we have entered into, or are about to enter into, with you.
For further information about the safeguards in place for transfers of your personal data, you may contact us (see “Contact Us” below).
6. Retaining your personal data
We will only retain your personal data for as long as is necessary to fulfil that purpose or those purposes for which it was collected or for as long as such retention is necessary for compliance with a legal obligation or to satisfy another lawful basis.
If you require further information around retention periods in relation to your personal data, please contact firstname.lastname@example.org.
7. Changes to this Policy
We may update this Policy from time to time by publishing a new version on our Website. You should check this page regularly to ensure you are happy with any changes to this Policy. We may contact you with details of changes where appropriate by email or otherwise. By continuing to use the Website or by providing us with personal data after we have posted an updated Policy, or notified you if applicable, you consent to the revised Policy and practices described in it.
8. Your rights
The following section only applies if you are based in the EEA or in the UK.
Under certain circumstances, you have rights under the EU General Data Protection Regulation or the UK Data Protection Act 2018, as applicable, in relation to the personal data we hold about you. You can request to:
- access personal data we hold about you;
- rectify any incorrect or incomplete personal data we hold about you;
- delete the personal data we hold about you;
- restrict the processing of personal data we hold about you;
- object at any time: (i) on grounds relating to your particular situation, to the processing of personal data when the processing is based on the legitimate interest basis in the
- circumstances described above, unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or
- defend legal claims, and (ii) to the processing of personal data for direct marketing;
- obtain personal data that you consented to provide to us or that is necessary to perform a contract with us, and that is processed by automated means, in a structured, commonly used and machine-readable format;
- withdraw your consent at any time (if applicable).
You can make all such requests via emailing us at email@example.com.
You are also entitled to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK (please see the ICO’s website for further details, www.ico.org.uk) or other data protection authority that is authorized to hear your concerns.
9. Third party websites
Our Website may include hyperlinks to third party websites not operated or controlled by Liminal (“Third Party Sites”). The information that you share with Third Party Sites be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. Please contact the Third Party Sites directly for information on their privacy practices and policies.
10. Personal data of children
Our Website is targeted for people over the age of 18. We do not knowingly collect personal data from minors (under 18). If you have reason to believe that a minor has provided personal data to Liminal through the Website, please contact us at firstname.lastname@example.org and we will endeavor to delete that data from our databases.
11. Updating information
Please let us know if the personal data that we hold about you needs to be corrected or updated.